
[edit services] Hierarchy Level

To configure services, include the following statements at the [edit services] hierarchy level of the configuration:

aacl {
rule rule-name {
match-direction (input | output | input-output);
term term-name {
from {
application-group-any;
application-groups [ application-group-names ];
applications [ application-names ];
destination-address address <any-unicast>;
destination-address-range low minimum-value high maximum-value;
destination-prefix-list list-name;
source-address address <any-unicast>;
source-address-range low minimum-value high maximum-value;
source-prefix-list list-name;
}
then {
(accept | discard);
(count application-group-name | forwarding-class class-name);
}
}
}
rule-set rule-set-name {
[ rule rule-names ];
}
}
adaptive-services-pics {
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable> <match regex>;
flag flag;
}
}
application-identification {
application application-name {
disable;
idle-timeout seconds;
index number;
session-timeout seconds;
type type;
type-of-service service-type;
port-mapping {
port-range {
tcp (port | range);
udp (port | range);
}
disable;
}
}
application-group group-name {
application-groups {
name [application-group-name];
}
applications {
name [application-name];
}
index number;
disable;
}
application-system-cache-timeout seconds;
max-checked-bytes bytes;
min-checked-bytes bytes;
no-application-identification;
no-application-system-cache;
no-clear-application-system-cache;
no-signature-based;
profile profile-name {
[ rule-set rule-set-name ];
}
rule rule-name {
address address-name {
destination {
ip address</prefix-length>;
port-range {
tcp [ ports-and-port-ranges ];
udp [ ports-and-port-ranges ];
}
}
source {
ip address</prefix-length>;
port-range {
tcp [ ports-and-port-ranges ];
udp [ ports-and-port-ranges ];
}
}
order number;
}
application application-name;
disable;
}
rule-set rule-set-name {
rule application-rule-name;
}
traceoptions {
file filename <files number> <match regex> <size size> <world-readable | no-world-readable>;
flag flag;
no-remote-trace;
}
}
border-signaling-gateway {
gateway gateway-name {
embedded-spdf {
service-class service-class-name {
term term-name {
from {
media-type (any-media | audio | video);
}
then {
committed-burst-size bytes;
committed-information-rate bytes-per-second;
dscp (alias | do-not-change | dscp-value);
reject;
}
}
}
}
service-interface name;
service-point service-point-name {
service-point-type service-point-type;
port-number {
ip-address ip-address;
transport-protocol (udp | tcp);
}
service-interface interface-name.unit-number;
service-policies {
new-call-usage-policies [ policy-and-policy-set-names ];
new-transaction-policies [ policy-and-policy-set-names ];
}
}
sip {
new-call-usage-policy policy-name {
term term-name {
from {
contact [ contact-fields ];
method {
method-invite;
}
request-uri [ uri-fields ];
source-address [ ip-addresses ];
}
then {
(accept | reject);
media-policy service-class-name;
trace;
}
}
}
new-call-usage-policy-set policy-set-name {
policy-name [ policy-names ];
}
new-transaction-policy policy-name {
term term-name {
from {
contact [ contact-fields ];
method {
method-invite;
method-message;
method-options;
method-publish;
method-refer;
method-register;
method-subscribe;
}
request-uri [ uri-fields ];
source-address [ ip-addresses ];
}
then {
(accept | reject);
route {
egress-service-point service-point-name;
next-hop (request-uri | address ipv4-address <port port-number> <transport-protocol (udp | tcp)>);
}
trace;
}
}
}
new-transaction-policy-set policy-set-name {
policy-name [ policy-names ];
}
timers {
inactive-call seconds;
inactive-call seconds;
timer-c seconds;
}
}
traceoptions {
file {
filename filename;
files number-of-files;
match regular-expression;
size maximum-trace-file-size;
}
flag {
datastore {
data trace-level;
db trace-level;
handle trace-level;
minimum trace-level;
}
framework {
action trace-level;
event trace-level;
executor trace-level;
freezer trace-level;
minimum trace-level;
memory-pool trace-level;
}
minimum trace-level;
sbc-utils {
common trace-level;
configuration trace-level;
device-monitor trace-level;
ipc trace-level;
memory-management trace-level;
message trace-level;
minimum trace-level;
user-interface trace-level;
}
session-trace trace-level;
signaling {
b2b trace-level;
b2b-wrapper trace-level;
minimum trace-level;
policy trace-level;
sip-stack-wrapper trace-level;
topology-hiding trace-level;
ua trace-level;
}
sip-stack {
dev-logging;
event-tracing;
ips-tracing;
pd-log-detail (full | summary);
pd-log-level (audit | exception | problem);
per-tracing;
verbose-logging;
}
}
}
}
}
cos {
application-profile profile-name {
sip-text {
dscp (alias | bits);
forwarding-class class-name;
}
sip-video {
dscp (alias | bits);
forwarding-class class-name;
}
sip-voice {
dscp (alias | bits);
forwarding-class class-name;
}
}
rule rule-name {
match-direction (input | output | input-output);
term term-name {
from {
application-sets set-name;
applications [ application-names ];
destination-address address;
destination-prefix-list list-name <except>;
source-address address;
source-prefix-list list-name <except>;
}
then {
application-profile profile-name;
dscp (alias | bits);
forwarding-class class-name;
(reflexive | reverse) {
application-profile profile-name;
dscp (alias | bits);
forwarding-class class-name;
syslog;
}
syslog;
}
}
}
rule-set rule-set-name {
rule rule-name;
}
}
dynamic-flow-capture {
capture-group client-name {
content-destination identifier {
address address;
hard-limit bandwidth;
hard-limit-target bandwidth;
soft-limit bandwidth;
soft-limit-clear bandwidth;
ttl hops;
}
control-source identifier {
allowed-destinations [ destination ];
minimum-priority value;
no-syslog;
notification-targets address port port-number;
service-port port-number;
shared-key value;
source-addresses [ address ];
}
duplicates-dropped-periodicity seconds;
input-packet-rate-threshold rate;
interfaces interface-name;
max-duplicates number;
pic-memory-threshold percentage percentage;
}
g-max-duplicates number;
g-duplicates-dropped-periodicity seconds;
}
flow-collector {
analyzer-address address;
analyzer-id name;
destinations {
ftp:url {
password "password";
}
}
file-specification {
variant variant-number {
data-format format;
name-format format;
transfer {
record-level number;
timeout seconds;
}
}
}
interface-map {
collector interface-name;
file-specification variant-number;
interface-name {
collector interface-name;
file-specification variant-number;
}
}
retry number;
retry-delay seconds;
transfer-log-archive {
archive-sites {
ftp:url {
password "password";
username username;
}
}
filename-prefix prefix;
maximum-age minutes;
}
}
flow-monitoring {
version9 {
template template-name {
flow-active-timeout seconds;
flow-inactive-timeout seconds;
ipv4-template;
ipv6-template;
mpls-template {
label-position [ positions ];
}
mpls-ipv4-template {
label-position [ positions ];
}
option-refresh-rate packets packets seconds seconds;
template-refresh-rate packets packets seconds seconds;
}
}
}
flow-tap {
interface interface-name;
}
flow-tap-lite {
interface interface-name;
}
ids {
rule rule-name {
match-direction (input | output | input-output);
term term-name {
from {
application-sets set-name;
applications [ application-names ];
destination-address (address | any-unicast) <except>;
destination-address-range low minimum-value high maximum-value <except>;
destination-prefix-list list-name <except>;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
source-prefix-list list-name <except>;
}
then {
aggregation {
destination-prefix prefix-number | destination-prefix-ipv6 prefix-number;
source-prefix prefix-number | source-prefix-ipv6 prefix-number;
}
(force-entry | ignore-entry);
logging {
syslog;
threshold rate;
}
session-limit {
by-destination {
hold-time seconds;
maximum number;
packets number;
rate number;
}
by-pair {
maximum number;
packets number;
rate number;
}
by-source {
hold-time seconds;
maximum number;
packets number;
rate number;
}
}
syn-cookie {
mss value;
threshold rate;
}
}
}
}
rule-set rule-set-name {
rule rule-name;
}
}
ipsec-vpn {
clear-ike-sas-on-pic-restart;
clear-ipsec-sas-on-pic-restart;
ike {
proposal proposal-name {
authentication-algorithm (md5 | sha1 | sha-256);
authentication-method (dsa-signatures | pre-shared-keys | rsa-signatures);
description description;
dh-group (group1 | group2);
encryption-algorithm algorithm;
lifetime-seconds seconds;
}
policy policy-name {
description description;
local-certificate identifier;
local-id (ipv4_addr ipv4-address | ipv6-addr ipv6-address | key-id identifier);
mode (aggressive | main);
pre-shared-key (ascii-text key | hexadecimal key);
proposals [ proposal-names ];
remote-id {
ipv4_addr [ values ];
ipv6_addr [ values ];
key_id [ values ];
}
}
}
ipsec {
proposal proposal-name {
authentication-algorithm (hmac-md5-96 | hmac-sha1-96);
description description;
encryption-algorithm algorithm;
lifetime-seconds seconds;
protocol (ah | esp | bundle);
}
policy policy-name {
description description;
perfect-forward-secrecy {
keys (group1 | group2);
}
proposals [ proposal-names ];
}
}
rule rule-name {
match-direction (input | output);
term term-name {
from {
destination-address address;
ipsec-inside-interface interface-name;
source-address address;
}
then {
backup-remote-gateway address;
clear-dont-fragment-bit;
dynamic {
ike-policy policy-name;
ipsec-policy policy-name;
}
initiate-dead-peer-detection;
manual {
direction (inbound | outbound | bidirectional) {
authentication {
algorithm (hmac-md5-96 | hmac-sha1-96);
key (ascii-text key | hexadecimal key );
}
auxiliary-spi spi-value;
encryption {
algorithm algorithm;
key (ascii-text key | hexadecimal key );
}
protocol (ah | bundle | esp);
spi spi-value;
}
}
no-anti-replay;
remote-gateway address;
syslog;
tunnel-mtu bytes;
}
}
}
rule-set rule-set-name {
rule rule-name;
}
traceoptions {
file {
files number;
size bytes;
}
flag flag;
}
}
l2tp {
tunnel-group name {
hello-interval seconds;
hide-avps;
l2tp-access-profile profile-name;
local-gateway address address;
maximum-send-window packets;
ppp-access-profile profile-name;
receive-window packets;
retransmit-interval seconds;
service-interface interface-name;
syslog {
host hostname {
services severity-level;
facility-override facility-name;
log-prefix prefix-value;
}
}
tunnel-timeout seconds;
}
traceoptions {
debug-level level;
filter {
protocol name;
}
flag flag;
interfaces interface-name {
debug-level level;
flag flag;
}
}
}
logging {
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable> <match regex>;
flag flag;
}
}
nat {
ipv6-multicast-interfaces (all | interface-name) {
disable;
}
pool nat-pool-name {
address ip-prefix</prefix-length>;
address-range low minimum-value high maximum-value;
pgcp {
hint [ hint-strings ];
ports-per-session ports;
remotely-controlled;
transport;
}
port (automatic | range low minimum-value high maximum-value) {
random-allocation;
}
}
rule rule-name {
match-direction (input | output);
term term-name {
nat-type (full-cone | symmetric);
from {
application-sets set-name;
applications [ application-names ];
destination-address (address | any-unicast) <except>;
destination-address-range low minimum-value high maximum-value <except>;
destination-prefix-list list-name <except>;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
source-prefix-list list-name <except>;
}
then {
syslog;
translated {
destination-pool nat-pool-name;
destination-prefix destination-prefix;
overload-pool overload-pool-name;
overload-prefix overload-prefix;
source-pool nat-pool-name;
source-prefix source-prefix;
translation-type (destination type | source type);
}
}
}
}
rule-set rule-set-name {
rule rule-name;
}
}
pgcp {
gateway gateway-name {
cleanup-timeout seconds;
gateway-address gateway-address;
fast-update-filters {
maximum-terms number-of-terms;
maximum-fuf-percentage percentage;
}
gateway-controller gateway-controller-name {
controller-address ip-address;
controller-port port-number;
interim-ah-scheme {
algorithm algorithm;
}
}
gateway-port gateway-port;
graceful-restart {
maximum-synchronization-mismatches number-of-mismatches;
maximum-synchronization-time seconds;
}
data-inactivity-detection {
inactivity-delay;
latch-deadlock-delay seconds;
send-notification-on-delay;
inactivity-duration seconds;
no-rtcp-check;
stop-detection-on-drop;
report-service-change {
service-change-type (forced-906 | forced-910);
}
}
h248-properties {
application-data-inactivity-detection {
ip-flow-stop-detection (regulated-notify | immediate-notify);
}
base-root {
mg-provisional-response-timer-value {
default milliseconds;
maximum milliseconds;
minimum milliseconds;
}
mg-provisional-response-timer-value {
default milliseconds;
maximum milliseconds;
minimum milliseconds;
}
mgc-originated-pending-limit {
default number-of-messages;
maximum number-of-messages;
minimum number-of-messages;
}
mgc-originated-pending-limit {
default number-of-messages;
maximum number-of-messages;
minimum number-of-messages;
}
normal-mg-execution-time {
default milliseconds;
maximum milliseconds;
minimum milliseconds;
}
normal-mgc-execution-time {
default milliseconds;
maximum milliseconds;
minimum milliseconds;
}
}
diffserv {
dscp {
default (dscp-value | alias | do-not-change);
}
}
event-timestamp-notification {
request-timestamp (requested | suppressed | autonomous);
}
hanging-termination-detection {
timerx seconds;
}
notification-behavior {
notification-regulation default (once | 0 - 100);
}
segmentation {
mg-segmentation-timer {
default milliseconds;
maximum milliseconds;
minimum milliseconds;
}
mgc-segmentation-timer {
default milliseconds;
maximum milliseconds;
minimum milliseconds;
}
mg-maximum-pdu-size {
default bytes;
maximum bytes;
minimum bytes;
}
mgc-maximum-pdu-size {
default bytes;
maximum bytes;
minimum bytes;
}
}
traffic-management {
peak-data-rate {
default bytes-per-second;
maximum bytes-per-second;
minimum bytes-per-second;
rtcp {
fixed-value bytes-per-second;
percentage percentage;
}
}
sustained-data-rate {
default bytes-per-second;
maximum bytes-per-second;
minimum bytes-per-second;
rtcp {
fixed-value bytes-per-second;
percentage percentage;
}
}
max-burst-size {
default bytes;
maximum bytes;
minimum bytes;
rtcp {
fixed-value bytes;
percentage percentage;
}
}
}
inactivity-timer {
inactivity-timeout {
detect;
maximum-inactivity-time {
default 10-millisecond-units;
maximum 10-millisecond-units;
minimum 10-millisecond-units;
}
}
}
}
h248-options {
audit-observed-events-returns;
encoding {
no-dscp-bit-mirroring;
use-lower-case;
}
service-change {
context-indications {
state-loss (forced-910 | forced-915 | none);
}
control-association-indications {
disconnect {
controller-failure (failover-909 | restart-902);
reconnect (disconnected-900 | restart-902);
}
down {
administrative (forced-905 | forced-908 | none);
failure (forced-904 | forced-908 | none);
graceful (graceful-905 | none);
}
up {
cancel-graceful (none | restart-918);
failover-cold (failover-920 | restart-901);
failover-warm (failover-919 | restart-902);
}
}
virtual-interface-indications {
virtual-interface-down {
administrative (forced-905 | forced-906 | none);
failure (forced-904 | forced-906 | none);
graceful (graceful-905 | none);
link-loss (forced-906 | none);
}
use-wildcard-response;
virtual-interface-up {
cancel-graceful (none | restart-918);
warm (none | restart-900);
}
}
}
}
h248-timers {
initial-average-ack-delay milliseconds;
maximum-net-propagation-delay milliseconds;
maximum-waiting-delay milliseconds;
tmax-retransmission-delay milliseconds;
}
max-concurrent-calls number-of-calls;
monitor {
media {
rtcp;
rtp;
}
}
service-state (in-service | out-of-service-forced | out-of-service-graceful);
session-mirroring {
delivery-function delivery-function-name {
destination-address destination-address;
destination-port destination-port;
network-operator-id network-operator-id;
source-address source-address;
source-port source-port;
}
disable-session-mirroring;
}
}
media-service media-service-name {
nat-pool nat-pool-name;
}
rule rule-name {
gateway gateway-name;
media-service media-service-name;
}
rule-set rule-set-name {
rule rule-name1;
rule rule-name2;
rule rule-name3;
}
traceoptions {
file filename <files number> <match regex> <size size> <world-readable | no-world-readable>;
flag flag;
}
virtual-interface interface-number {
media-service media-service-name;
interface interface-identifier;
routing-instance instance-name {
service-interface interface-name.unit-number;
}
service-state (in-service | out-of-service-forced | out-of-service-graceful);
}
session-mirroring {
delivery-function delivery-function-name {
destination-address destination-address;
destination-port destination-port;
network-operator-id network-operator-id;
source-address source-address;
source-port source-port;
}
disable-session-mirroring;
}
}
rpm {
bgp {
data-fill data;
data-size size;
destination-port port;
history-size size;
logical-system logical-system-name <routing-instances routing-instance-name>;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instances instance-name;
test-interval interval;
}
probe owner {
test test-name {
data-fill data;
data-size size;
destination-interface interface-name;
destination-port port;
dscp-code-point dscp-bits;
hardware-timestamp;
history-size size;
moving-average-size number;
one-way-hardware-timestamp;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instance instance-name;
source-address address;
target (url | address);
test-interval interval;
thresholds thresholds;
traps traps;
}
}
probe-limit limit;
probe-server {
tcp {
destination-interface interface-name;
port number;
}
udp {
destination-interface interface-name;
port number;
}
}
twamp {
server {
authentication-mode (authenticated | encrypted | none);
client-list list-name {
address address;
}
inactivity-timeout seconds;
maximum-connections count;
maximum-connections-per-client count;
maximum-sessions count;
maximum-sessions-per-connection count;
port number;
}
}
}
service-set service-set-name {
aacl-rules rule-name;
policy-decision-statistics-profile profile-name;
(ids-rules rule-names | ids-rule-sets rule-set-name);
(ipsec-vpn-rules rule-names | ipsec-vpn-rule-sets rule-set-name);
(nat-rules rule-names | nat-rule-sets rule-set-name);
(pgcp-rules rule-names | pgcp-rule-sets rule-set-name);
(stateful-firewall-rules rule-names | stateful-firewall-rule-sets rule-set-name);
allow-multicast;
extension-service service-name {
provider-specific rules;
}
interface-service {
service-interface interface-name;
}
ipsec-vpn-options {
ike-access-profile profile-name;
local-gateway address;
trusted-ca [ ca-profile-name ];
}
max-flows number;
next-hop-service {
inside-service-interface interface-name.unit-number;
outside-service-interface interface-name.unit-number;
service-interface-pool name;
}
syslog {
host hostname {
services severity-level;
facility-override facility-name;
log-prefix prefix-value;
}
}
}
stateful-firewall {
rule rule-name {
match-direction (input | output | input-output);
term term-name {
from {
application-sets set-name;
applications [ application-names ];
destination-address (address | any-unicast) <except>;
destination-address-range low minimum-value high maximum-value <except>;
destination-prefix-list list-name <except>;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
source-prefix-list list-name <except>;
}
then {
(accept | discard | reject);
allow-ip-options [ values ];
syslog;
}
}
}
rule-set rule-set-name {
rule rule-name;
}
}
}
